Certain versions of the Microsoft® Windows® server operating system support “Terminal Services.” Using Terminal Services, a server system can deliver a conventional Windows® desktop, as well as the latest Windows®-based applications, to a remotely located desktop computing device which is referred to as a client device or remote terminal. The remote terminal is often a personal computer running specialized terminal emulation software. In the Microsoft® Windows® environment described herein, the remote terminal runs software that is specifically designed for operation with Windows® Terminal Services.
When a user runs an application in this environment, most or all of the application execution, data processing, and data storage take place on the server; only things such as keyboard, mouse, display, and print information are transmitted back and forth between the server and the remote terminal.
A single server system can support multiple users and corresponding user sessions. Each user logs on and sees only their individual session, which is managed transparently by the server operating system and is independent of any other client session.
Communications between the server system and the various remote terminals are frequently by means of a network of some sort. The network might be a private local-area network, a private or public wide-area network, or a publicly-accessible network such as the Internet. Various forms of encryption are utilized between the server system and the remote terminals to ensure privacy and data integrity over these otherwise unsecure forms of network communications. Both the server system software and the remote terminal software are designed to support this encryption.
Microsoft® Windows® Terminal Services utilizes RDP (remote desktop protocol), a presentation services protocol that governs communications between the server system and the remote terminals. RDP uses its own video driver on the server system to render display output by constructing the rendering information into network packets and sending them over the network to the client device. The client receives the rendering data and interprets it into corresponding Win32® GDI API calls. Similarly, client mouse and keyboard messages are redirected from the client to the server. At the server, RDP uses its own virtual keyboard and mouse driver to receive these keyboard and mouse events. In addition to these basic input/output functions, RDP provides support for various other features, such as print redirection, clipboard mapping, remote control, and network load balancing. In addition, RDP enables data compression, data encryption, and logon and logoff services. RDP communications are typically packaged or embedded within the TCP/IP protocol.
The server system is capable of executing a number of different sessions. Each user session is typically associated with a single user and remote terminal, although the same session might be associated with different remote terminals during different time periods. To initiate a user session, the user establishes a secure connection between a particular client device and the server system. The server system then utilizes the I/O capabilities of the client device to authenticate the user, in a process referred to as a “logon” process. Authentication is typically performed by requesting user credentials, which normally comprise a user name and password. Upon receiving valid credentials, the server system creates a session and connects the client device to that session.
In many networked environments, and particularly in the Internet environment, data connections are unreliable and can be easily lost. In the Terminal Services environment described above, losing data communications between the server system and the client device does not necessarily terminate the session associated with that client device. Rather, the session is kept active for a predefined time period, and the user can log back on to that session using the same client device or a different client device. The logon process is similar to the initial logon process, in that the server system authenticates the user by requesting user credentials. Rather than creating a new session, however, the server system recognizes the user as being associated with an existing session, and reconnects the user to that session. In some systems, the client device might retain a session identifier from the previous session and submit the session identifier during the subsequent logon process to reconnect to that session.